EP1775972A1 - Communication handover method, communication message processing method and communication control method - Google Patents

Communication handover method, communication message processing method and communication control method

Info

Publication number
EP1775972A1
Authority
EP
European Patent Office
Prior art keywords
communication
access point
mobile node
access
decryption key
Prior art date
Legal status
Withdrawn
Application number
EP05765143A
Other languages
German (de)
English (en)
Inventor
Makis KASAPIDIS (Matsushita Electric Ind. Co. Ltd.)
Current Assignee
Panasonic Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/08 Reselecting an access point
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0016 Hand-off preparation specially adapted for end-to-end data sessions

Definitions

  • the present invention relates to a communication handover method, a communication message processing method and a communication control method, and particularly to a communication handover method, a communication message processing method and a communication control method for a communication system that achieves a security countermeasure for communication performed between a mobile node and an access point in a wireless LAN system.
  • an MN mobile node
  • an AP access point
  • an AR access router
  • FIG. 10 is a diagram showing an overview of the port control provided by IEEE 802.1x, according to related art (see chapter 6 of non-patent document 1 below).
  • a supplicant system, an authenticator system and an authentication server system are shown. It should be noted that the supplicant system, the authenticator system and the authentication server system correspond respectively to an MN, which serves as an access client, and AP and RADIUS server systems that serve as access servers.
  • the supplicant system mounts a supplicant PAE (Port Access Entity), which is software required by an access client in order to obtain an authentication conforming to IEEE 802.1x. Furthermore, the authenticator system mounts an authenticator PAE.
  • This authenticator PAE can be connected through a non-control port to the supplicant system that gains access via a LAN (wireless LAN), and can also communicate with the authentication server of the authentication server system.
  • the authenticator PAE performs port control, so that the supplicant system can obtain, through a control port, for example, a predetermined service such as an Internet access service.
  • the authenticator system can also examine the MAC (Media Access Control) address of the supplicant system and perform port control, so that the supplicant system is inhibited from being connected to both the control port and a non-control port.
  • MAC Media Access Control
  • Fig. 11 is a sequence chart showing an example operation, for the arrangement in Fig. 10, when a supplicant system obtains a predetermined service via the authenticator. It should be noted that an explanation will be given by employing, as an example, an operation related to authentication that uses EAP and RADIUS.
  • The operation shown in the sequence chart in Fig. 11 is roughly separated into a first half (steps S1001 to S1004), for MAC authentication, and a second half (steps S1101 to S1111), for an authentication based on IEEE 802.1x.
  • the supplicant system when the supplicant system is connected to the authenticator system (i.e., when the MN is connected to the AP), as a Probe Request, the supplicant system transmits to the authenticator system an SSID (Service Set ID) to be used, and a communication speed (step S1001), and as a Probe Response, which is a reply to the request, the authenticator system transmits to the supplicant system a communication speed to be used (step S1002).
  • SSID Service Set ID
  • the supplicant system transmits an MAC address as an Open Authentication Request to the authenticator system (step S1003), and the authenticator system acknowledges reception of the MAC address and transmits to the supplicant system an MAC Authentication Ack indicating that a radio network can be normally employed (step S1004).
  • the supplicant system transmits to the authenticator system an EAPOL-START, which is a request for the start of the EAP (step S1101), and the authenticator system transmits an EAP-Request/Identity to the supplicant system, and thus starts the EAP (step S1102).
  • the supplicant system transmits to the authenticator system, an EAP-Response/Identity that includes the ID (identification information) of the supplicant system (step S1103), and the authenticator system transfers this information as a Radius-Access-Request to the authentication server system (step S1104).
  • the authentication server system transmits to the authenticator system a request for transmission of a certificate for the supplicant system and a certificate for the authentication server system (step S1105), and the authenticator system transfers this information as an EAP-Request to the supplicant system (step S1106).
  • the supplicant system transmits to the authenticator system an EAP-Response (credentials) that includes a certificate representing an authorized client (step S1107), and the authenticator system transfers this information as a Radius-Access-Request to the authentication server system (step S1108).
  • the authentication server system then performs a predetermined authentication process to authorize the supplicant system, and as a Radius-Access-Challenge, transmits to the authenticator system information indicating the authentication has been successful and information that is the basis for a communication encryption/decryption key (step S1109).
  • the authenticator system transmits to the supplicant system an EAP-Success indicating that the authentication has been successful (step S1110), and generates a communication encryption/decryption key (here, an EAPOL-Key (WEP)) and transmits it to the supplicant system (step S1111).
  • a communication encryption/decryption key which is employed for the radio network between the supplicant system and the authenticator system, is generated and used in common. Furthermore, the authenticator system controls ports, so that access to a predetermined service through the control port is provided for a supplicant system that has been authenticated. Although this was not explained during the above operation, for example, a message related to the acknowledgement of an available encryption/compression system, such as TLS (Transport Layer Security), is also exchanged between the supplicant system and the authentication server system.
  • TLS Transport Layer Security
  • an authentication server 903 distributes, to an AP 902, an encryption/decryption key for communication between an MN 900 and an AP 901, and in the case of a handover during which the MN 900 is switched between the APs 901 and 902, the MN 900 employs the communication encryption/decryption key used before the handover and engages in radio communication with the AP 902, at the handover destination, until a new communication encryption/decryption key is distributed as a result of an authentication.
  • FMIP Fast Mobile IP
  • CoA Care of Address
  • Non-patent Document 1 IEEE Std 802.1X-2001, "IEEE Standard for Local and Metropolitan Area Networks - Port-Based Network Access Control", published 13 July 2001
  • Non-patent Document 2 Rajeev Koodli, "Fast Handovers for Mobile IPv6", draft-ietf-mobileip-fast-mipv6-08, October 2003
  • Patent Document 1 Japanese Patent Application Publication 2003-259417 (Fig. 1, Fig. 14, Paragraphs 0074 to 0079)
  • patent document 1 is useful for a network configuration wherein a plurality of APs are managed by the same authentication server (or authentication servers operated by the same administrator (agency)).
  • Fig. 13 wherein APs are managed by different authentication servers 911 and 912 connected to an IP network 910, it is difficult for the same communication encryption/decryption key to be distributed to APs that are ranked lower than these servers.
  • a rapid process for layer 3, such as an IP layer, or higher can be performed at the time of a handover.
  • the authentication process e.g., the series of processes shown in Fig. 11
  • the technique described in non-patent document 2 can not resolve a communication delay or disconnection that is the result of a process being performed for layer 2 or lower at the time of a handover.
  • one objective of the present invention is to rapidly establish security between a mobile node and an access point when a handover for the mobile node is performed between access points linked to different access routers, so that the possibility a communication delay or disconnection will occur due to the handover is reduced.
  • a communication handover method whereby, in a communication system wherein a first access router, having a first access point at a lower rank, and a second access router, having a second access point at a lower rank, are connected via a communication network, a mobile node performs a handover from the first access point to the second access point, comprises:
  • the communication handover method of this invention further comprises:
  • the mobile node transmits, to the first access router, an RtSolPr message or an FBU message for FMIP, in which the identification information for the mobile node and the communication encryption/decryption key related to encrypted communication with the first access point are embedded.
  • FMIP messages each carrying identification information for a mobile node and a communication encryption/decryption key related to encrypted communication with an access point (the first access point) to which the mobile node was connected before the handover, can be efficiently transferred from the mobile node to an access router (the first access router) to which the mobile node was connected before the handover.
  • the first access router transmits to the second access router an HI message of FMIP that includes the identification information for the mobile node and the communication encryption/decryption key related to encrypted communication with the first access point.
  • FMIP messages each carrying identification information for a mobile node and a communication encryption/decryption key related to encrypted communication with an access point (the first access point), to which the mobile node was connected before the handover, can be efficiently transferred from an access router (the first access router), to which the mobile node was connected before the handover, to an access router (the second access router), to which the mobile node is to be connected after the handover.
  • a communication handover method for a mobile node that performs a handover from a first access point to a second access point, in a communication system wherein a first access router, having the first access point at a lower rank, and a second access router, having the second access point at a lower rank, are connected via a communication network, comprises:
  • the communication handover method of this invention further comprises:
  • the communication handover method of this invention further comprises a step of:
  • a communication message processing method for an access router whereby in a communication system wherein a first access router having a first access point at a lower rank and a second access router having a second access point at a lower rank are connected via a communication network, a mobile node performs a handover from the first access point to the second access point, comprises:
  • a RtSolPr message or an FBU message for FMIP in which the identification information for the mobile node and the communication encryption/decryption key related to encrypted communication with the first access point are embedded, is received from the mobile node.
  • FMIP messages each carrying identification information for a mobile node and a communication encryption/decryption key related to encrypted communication with an access point (the first access point) to which the mobile node was connected before the handover, can be efficiently transferred from the mobile node to an access router (the first access router) to which the mobile node was connected before the handover.
  • the communication message processing method of this invention further comprises a step of:
  • a communication message processing method for a second access router whereby in a communication system wherein a first access router having a first access point at a lower rank and the second access router having a second access point at a lower rank are connected via a communication network, a mobile node performs a handover from the first access point to the second access point, comprises:
  • an HI message for FMIP in which the identification information for the mobile node and the communication encryption/decryption key related to encrypted communication with the first access point are embedded, is received from the first access router.
  • FMIP messages each carrying identification information for a mobile node and a communication encryption/decryption key related to encrypted communication with an access point (the first access point) to which the mobile node was connected before the handover, can be efficiently transferred from an access router (the first access router) to which the mobile node was connected before the handover to an access router (the second access router) to which the mobile node is to be connected after the handover.
  • the communication message processing method of this invention further comprises a step of:
  • a communication control method for a second access point whereby, in a communication system wherein a first access router, having a first access point at a lower rank, and a second access router, having the second access point at a lower rank, are connected via a communication network, a mobile node performs a handover from the first access point to the second access point, comprises:
  • the communication control method of this invention further comprises:
  • the communication handover method, the communication message processing method and the communication control method of the present invention have the above described arrangements, and provide effects such that, when a mobile node performs a handover between access points that are present on the links of different access routers, security can be rapidly established between the mobile node and an access point, and the possibility of a communication delay or disconnection due to the handover can be reduced.
  • an MN 10 transmits identification information (e.g., an MAC address) for the MN 10 and a communication encryption/decryption key used for communication with the AP 21 before the handover; the MAC address of the MN 10 and the communication encryption/decryption key are supplied to the nAR 30, which is located higher than the AP 31 that is newly connected after the handover; and further, the MAC address for the MN 10 and the communication encryption/decryption key are supplied by the nAR 30 to the AP 31; and thus, without a series of operations (e.g., the operation in the sequence chart in Fig. 11) related to the acquisition of security being performed with the AP 31, the MN 10 can rapidly recover to the communication state before the handover, by using the communication encryption/
  • Fig. 1 is a diagram showing an example network configuration according to the mode of the present invention.
  • an MN 10; a pAR 20; an AP 21, at a lower rank than the pAR 20; an authentication server 22, on the link of the pAR 20; an nAR 30; an AP 31, at a lower rank than the nAR 30; an authentication server 32, on the link of the nAR 30; a CN (Correspondent Node) 40; and an IP network 50.
  • CN Correspondent Node
  • the MN 10 can perform communication with a plurality of CNs 40 through the IP network 50, and a plurality of CNs 40 may be present.
  • the pAR 20 and the nAR 30 are access routers connected to the IP network 50, and individually form sub-nets.
  • When the MN 10 is present inside the communication cell of the AP 21, at a lower rank than the pAR 20, the MN 10 can access the IP network 50 via the AP 21 and the pAR 20.
  • When the MN 10 is present inside the communication cell of the AP 31, at a lower rank than the nAR 30, the MN 10 can access the IP network 50 via the AP 31 and the nAR 30.
  • the authentication server 22 or 32 is a server for authenticating the MN 10 that is connected either to the AP 21 or 31, and is, for example, a RADIUS server.
  • the authentication servers 22 and 32 can hold or refer to a user account database, in which qualification information for authentication, property information for each user, etc., are stored. It is preferable that a relationship of trust be established in advance between the pAR 20 and the nAR 30 (or an arbitrary node present on the link of the pAR 20 and an arbitrary node present on the link of the nAR 30) so as to transmit a communication encryption/decryption key.
  • the MN 10, the APs 21 and 31 and the authentication servers 22 and 32 include entities, such as IEEE 802.1x and the EAP, for performing mutual authentication between the MN 10 and the APs 21 and 31, and enabling encrypted communication between the MN 10 and the APs 21 and 31.
  • the IP network 50 is, for example, a WAN (Wide Area Network), using IP communication via the Internet, etc.
  • the pAR 20 and the nAR 30 described above can be connected to the IP network 50.
  • the CN 40 is shown that can be connected to the IP network 50 and is communicating with the MN 10.
  • the MN 10 is connected to the AP 21, and is currently communicating with the CN 40 via the pAR 20. And assume that, by performing a handover from the AP 21 to the AP 31, the MN 10 is to newly communicate with the CN 40 via the nAR 30, after the handover.
  • the MN 10 transmits, to the nAR 30, a notification indicating an MAC address and a communication encryption/decryption key (hereinafter also called simply a key), and when the nAR 30 provides this information for the AP 31, communication after the handover is rapidly started.
  • an MN 10, a pAR 20, an nAR 30 and an AP 31 shown in Figs. 2 to 5 are detailed arrangements for the MN 10, the pAR 20, the nAR 30 and the AP 31 shown in Fig. 1.
  • the individual functions are shown using blocks, and can be obtained by using hardware and/or software.
  • the main processes of this invention e.g., processes at the individual steps shown in Fig. 6, which will be described later
  • Fig. 2 is a diagram showing an example arrangement for an MN according to the mode of the present invention.
  • the MN 10 shown in Fig. 2 includes a handover determination unit 1001, a radio reception unit 1002, a radio transmission unit 1003, a decryption unit 1004, an encryption unit 1005, a key storage unit 1006, an MAC address storage unit 1007, an MAC address/key acquisition unit 1008 and an FMIP processing unit 1009.
  • the handover determination unit 1001 is a processor that determines the start of a handover under an arbitrary condition, e.g., compares radio field intensities for a plurality of different APs, and performs the L2 handover to the AP having the highest radio field intensity (changes the connection to a communication destination AP).
  • the radio reception unit 1002 and the radio transmission unit 1003 are processors that respectively perform data reception and data transmission via radio communication, and include various functions required for performing radio communication.
  • the decryption unit 1004 and the encryption unit 1005 are processors that respectively employ a communication encryption/decryption key stored in the key storage unit 1006 to decrypt data received by the radio reception unit 1002, and to encrypt data to be transmitted by the radio transmission unit 1003. It should be noted that encrypted communication using the decryption unit 1004 and the encryption unit 1005 is performed in order to improve security along radio transmission paths between the MN 10 and the APs 21 and 31.
  • the key storage unit 1006 is a processor for storing a key that is used for encrypted communication between the APs 21 and 31 (encrypted communication using the decryption unit 1004 and the encryption unit 1005) in order to reinforce security. It should be noted that conventionally, when the MN 10 is connected to the AP 21 or 31, this communication encryption/decryption key is to be generated through the authentication process, and is to be periodically updated for the reinforcement of security.
  • the MAC address storage unit 1007 represents a nonvolatile memory, etc., in which MAC addresses by which network apparatuses can be uniquely identified are stored.
  • the MAC address/key acquisition unit 1008 is a processor for reading an MAC address stored in the MAC address storage unit 1007 and a communication encryption/decryption key stored in the key storage unit 1006. It should be noted that in this invention an MAC address and a communication encryption/decryption key are read in consonance with the processing related to the FMIP.
  • an MAC address and the communication encryption/decryption key which are obtained by the MAC address/key acquisition unit 1008, are to be supplied to the FMIP processing unit 1009, and are either to be transmitted to the pAR 20, with a transmission message associated with the FMIP, or to be transmitted to the pAR 20, as an inherent MAC address/key notification message, in accordance with a transmission timing for a transmission message associated with the FMIP, or a reception timing for a reception message.
  • the FMIP processing unit 1009 is a processor that, in response to a determination by the handover determination unit 1001 to initiate a handover, performs a process related to the FMIP, such as the generation of a transmission message associated with the FMIP (e.g., an RtSolPr (Router Solicitation for a Proxy or Router Solicitation for Proxy Advertisement) message or an FBU (Fast Binding Update) message), or handling of a reception message associated with the FMIP (e.g., a PrRtAdv (Proxy Router Advertisement) message or an FBAck (Fast Binding Acknowledge) message).
  • the MN 10 is so designed that the MN 10 can transmit, to the pAR 20, a transmission message related to the FMIP, in which the MAC address of the MN 10 and the communication encryption/decryption key are embedded, or in accordance with a transmission timing for a transmission message related to the FMIP or a reception timing for a reception message, the MN 10 can transmit an address/key notification message that includes the MAC address of the MN 10 and the communication encryption/decryption key.
  • Fig. 3 is a diagram showing an example configuration of a pAR according to the mode of the present invention.
  • the pAR 20 in Fig. 3 includes a reception unit 2001, a transmission unit 2002, an FMIP processing unit 2003 and an MAC address/key extraction unit 2004. While the pAR 20 also includes a transfer unit for transferring a received packet, this is not shown.
  • the reception unit 2001 and the transmission unit 2002 are processors that are connected to the link of the pAR 20, to which the AP 21 is also connected, or to the IP network 50, to respectively perform data reception and data transmission.
  • the FMIP processing unit 2003 is a processor for performing processes related to the FMIP, such as a search for an access router (nAR 30), which is a connection destination, to which the MN 10 is to be connected by the next handover, acquisition of the network prefix for a sub-net that the nAR 30 forms, generation of a transmission message related to the FMIP (e.g., an HI (Handover Initiate) message or an FBAck message) and the handling of a reception message related to the FMIP (e.g., an FBU message or an HAck (Handover Acknowledge) message).
  • the presence of the FMIP processing unit 2003 indicates that the pAR 20 mounts the FMIP.
  • the MAC address/key extraction unit 2004 is a processor for extracting the MAC address of the MN 10 and the communication encryption/decryption key that are embedded in a reception message, related to the FMIP, that is received from the MN 10, or for extracting the MAC address of the MN 10 and the communication encryption/decryption key from an inherent address/key notification message that is received from the MN 10.
  • the MAC address of the MN 10 and the communication encryption/decryption key, which have been extracted by the MAC address/key extraction unit 2004, are to be supplied to the FMIP processing unit 2003, and are either to be transmitted to the nAR 30, with a transmission message related to the FMIP, or to be transmitted as an inherent address/key notification message to the nAR 30, in accordance with the transmission timing for a transmission message related to the FMIP or a reception timing for a reception message.
  • the pAR 20 is so designed that when a notification designating the MAC address of the MN 10 and the communication encryption/decryption key is received from the MN 10, the pAR 20 can transmit to the nAR 30 a transmission message related to the FMIP, in which the MAC address of the MN 10 and the communication encryption/decryption key are embedded, or in accordance with the transmission timing for a transmission message related to the FMIP, or the reception timing for a reception message, the pAR 20 can transmit to the nAR 30 an address/key notification message that includes the MAC address of the MN 10 and the communication encryption/decryption key.
  • Fig. 4 is a diagram showing an example arrangement for an nAR according to the mode of this invention.
  • the nAR 30 in Fig. 4 includes a reception unit 3001, a transmission unit 3002, an FMIP processing unit 3003, an MAC address/key extraction unit 3004 and an MAC address/key notification message generation unit 3005. While the nAR 30 also includes a transfer unit for transferring a received packet, this is not shown.
  • the reception unit 3001 and the transmission unit 3002 are processors that are connected to the link of the nAR 30, to which the AP 31 is also connected, or to the IP network 50, to respectively perform data reception and data transmission.
  • the FMIP processing unit 3003 is a processor for performing processes related to the FMIP, such as the verification of the IP address of the MN 10 received from the pAR 20, the generation of a transmission message related to the FMIP (e.g., an HAck message) and the handling of a reception message related to the FMIP (e.g., an HI message or an FNA (Fast Neighbor Advertisement) message). It should be noted that the presence of the FMIP processing unit 3003 indicates that the nAR 30 mounts the FMIP.
  • the MAC address/key extraction unit 3004 is a processor for extracting the MAC address of the MN 10 and the communication encryption/decryption key, which are embedded in a message related to the FMIP that is received from the pAR 20, or for extracting the MAC address of the MN 10 and the communication encryption/decryption key from an inherent address/key notification message that is received from the pAR 20. Additionally, the MAC address of the MN 10 and the communication encryption/decryption key, which have been extracted by the MAC address/key extraction unit 3004, are to be supplied to the MAC address/key notification message generation unit 3005.
  • the MAC address/key notification message generation unit 3005 is a processor for generating a notification message that includes the MAC address of the MN 10 and the communication encryption/decryption key, which have been extracted by the MAC address/key extraction unit 3004. The notification message generated by the MAC address/key notification message generation unit 3005 is transmitted via the transmission unit 3002 to the AP 31, located at a lower level.
  • the nAR 30 is so designed that when a notification designating the MAC address of the MN 10 and the communication encryption/decryption key is received from the pAR 20, the nAR 30 can transmit, to the AP 31 at the lower rank, a notification designating the MAC address of the MN 10 and the communication encryption/decryption key.
  • Fig. 5 is a diagram showing an example arrangement of an AP, at a lower rank than the nAR, according to the mode of this invention.
  • the AP 31 in Fig. 5 includes a radio reception unit 3101, a radio transmission unit 3102, a reception unit 3103, a transmission unit 3104, a decryption unit 3105, an encryption unit 3106, an MAC address/key extraction unit 3107, a key storage unit 3108, an MAC address identification unit 3109 and a port control unit 3110.
  • the radio reception unit 3101 and the radio transmission unit 3102 are processors that respectively perform data reception and data transmission via radio communication, and include various functions required for radio communication. It should be noted that the radio reception unit 3101 and radio transmission unit 3102 form a communication cell that is a radio transmission/reception range for radio communication, and enable communication with the MN 10 that is present in this communication cell. Further, the reception unit 3103 and the transmission unit 3104 are processors that are connected to the link of the nAR 30 to perform data reception and data transmission.
  • the decryption unit 3105 and the encryption unit 3106 are processors that employ a communication encryption/decryption key stored in the key storage unit 3108 to respectively decrypt data received by the radio reception unit 3101 and to encrypt data to be transmitted by the radio transmission unit 3102. It should be noted that data decrypted by the decryption unit 3105 are transmitted by the port control unit 3110, via a control port or a controlled port, to the nAR 30 and the authentication server 32. Furthermore, data encrypted by the encryption unit 3106 are transmitted to the MN 10 along a radio transmission path.
  • the MAC address/key extraction unit 3107 is a processor for performing a process related to a notification message, received from the nAR 30, that includes the MAC address of the MN 10 and the communication encryption/decryption key.
  • the MAC address/key extraction unit 3107 extracts the MAC address of the MN 10 and the communication encryption/decryption key from a notification message received from the nAR 30, and supplies them to the key storage unit 3108.
  • the key storage unit 3108 stores a key that is used for encrypted communication with the MN 10 (encrypted communication using the decryption unit 3105 and the encryption unit 3106) in order to reinforce security.
  • Not only a communication encryption/decryption key generated through the normal authentication process, but also a communication encryption/decryption key included in a notification message received from the nAR 30, is stored in the key storage unit 3108.
  • the MAC address identification unit 3109 is a processor for determining that the MAC address designated by the MN 10, or the MAC address described as a transmission source for data received from the MN 10 via the radio reception unit 3101, matches the MN 10 MAC address that is stored in the key storage unit 3108.
  • the port control unit 3110 is a processor for controlling the allowance and usage of, for example, a control port shown in Fig. 10. That is, in this arrangement, prepared by the MAC address identification unit 3109 and the port control unit 3110, the MN 10 that has an MAC address stored in the key storage unit 3108 is regarded as an MN 10 that has been verified through the authentication process and that can use the control port.
  • the AP 31 is so designed that when a notification designating the MAC address of the MN 10 and the communication encryption/decryption key is received from the nAR 30, the AP 31 performs port control based on this information.
  • Fig. 6 is a sequence chart showing an example operation for the mode of the present invention.
  • When the MN 10 has begun moving from the area of the pAR 20 (the communication cell range of the AP 21) to the area of the nAR 30 (the communication cell range of the AP 31), the movement is detected by layer 2 and, with this as a starting point, the initiation of a layer 3 handover is determined (step S101).
  • the initiation of a handover is determined, for example, by comparing the radio field reception intensity for the AP 21 with the radio field reception intensity for the AP 31.
  • Based, for example, on a beacon received from the AP 31 at a moving location, the MN 10 obtains from the AP 31 information that includes an AP-ID (identification information for each AP), and transmits, to the currently connected pAR 20, an RtSolPr message that includes the AP-ID of the AP 31 (step S102).
  • the RtSolPr message transmitted by the MN 10 is transferred by the AP 21 and received by the pAR 20 (step S103).
  • Upon receiving this RtSolPr message, the pAR 20 employs the AP-ID of the AP 31 notified by the MN 10, and either searches for a neighboring access router to obtain information about the nAR 30, or retrieves information about the nAR 30 that has previously been obtained as a result of a search (information held by the pAR 20).
  • the pAR 20 transmits to the MN 10 a PrRtAdv message that includes information about the nAR 30 (e.g., information, such as the network prefix of a sub-net formed by the nAR 30) (step S104).
  • the PrRtAdv message transmitted by the pAR 20 is transferred by the AP 21 and received by the MN 10 (step S105).
  • Upon receiving the PrRtAdv message, the MN 10 employs the network prefix of a sub-net formed by the nAR 30, which is included in the PrRtAdv message, and the link layer address of the MN 10, and generates an NCoA (New Care of Address), which is an address that can conform to the sub-net formed by the nAR 30. It should be noted that the above described operation is the same as that defined by the FMIP.
  • the MAC address/key acquisition unit 1008 of the MN 10 obtains the MAC address of the MN 10 and a communication encryption/decryption key used for communication with the AP 21, and transmits these data to the FMIP processing unit 1009.
  • the FMIP processing unit 1009 of the MN 10 generates an FBU (Fast Binding Update) message in which, in addition to the generated NCoA, the MAC address and the communication encryption/decryption key are embedded.
  • the MN 10 forwards, to the pAR 20, the FBU message (written as FBU (an MAC, key) in Fig. 6) in which the MAC address and the communication encryption/decryption key have been embedded (step S106).
  • the FBU message, transmitted by the MN 10, in which the MAC address and the communication encryption/decryption key have been embedded is transferred by the AP 21 and received by the pAR 20 (step S107).
  • the MAC address/key extraction unit 2004 extracts the MAC address and the communication encryption/decryption key from the FBU message and transmits the thus extracted MAC address and communication encryption/decryption key to the FMIP processing unit 2003.
  • the FMIP processing unit 2003 generates an HI message in order to ascertain whether the NCoA generated by the MN 10 is an address that can be used for the sub-net of the nAR 30, and at this time, embeds in the HI message the MAC address and the communication encryption/decryption key received from the MN 10.
  • the pAR 20 transmits to the nAR 30 the HI message (written as HI(MAC, key) in Fig. 6) in which the MAC address and the communication encryption/decryption key have been embedded (step S108).
  • the HI message forwarded from the pAR 20 to the nAR 30, in which the MAC address and the communication encryption/decryption key have been embedded arrives at the nAR 30 via multiple relay nodes (not shown) that constitute the IP network 50.
  • the MAC address/key extraction unit 3004 extracts the MAC address and the communication encryption/decryption key from the HI message, and transmits to the MAC address/key notification message generation unit 3005 the MAC address and the communication encryption/decryption key that have been extracted.
  • the MAC address/key notification message generation unit 3005 generates an address/key notification message (written as a notification message(MAC, key) in Fig. 6) that includes the MAC address and the communication encryption/decryption key (step S109). Also, the nAR 30 transmits this notification message to the AP 31 (step S110).
  • the AP 31 can obtain the MAC address of an MN 10 that will effect an access, as a result of a handover, and a communication encryption/decryption key that the pertinent MN 10 used with the AP 21 before the handover.
  • the nAR 30 examines the validity of the NCoA, which is included in the HI message in which the MAC address and the communication encryption/decryption key had been embedded, and when the NCoA is valid, a process (the normal process related to the FMIP) for transmitting to the pAR 20 an HAck message designating the status indicated by the results, a process for the transmission of an FBAck message by the pAR 20, and a process for the transfer of a packet from the pAR 20 to the nAR 30, etc., are performed.
  • the handover process for switching from the AP 21, at a lower rank than the pAR 20, to the AP 31, at a lower rank than the nAR 30, is performed (step S111). Then, the MN 10 transmits a handover notification to the AP 31 in order to issue a connection request (step S112). It should be noted that with the handover notification the MN 10 transmits the MAC address to the AP 31.
  • Upon receiving the handover notification, the AP 31 detects that the MN 10 has attempted a connection to the AP 31.
  • the MAC address identification unit 3109 examines the MAC addresses, designated by the nAR 30 using notification messages, to determine whether there is an MAC address that matches the MAC address indicated by the MN 10 using the handover notification (step S113). When the MAC address identification unit 3109 determines that there is a matched MAC address, the MAC address identification unit 3109 generates information indicating that the MAC address has been identified and transmits the information to the MN 10 (step S114). Upon receiving this notification, the MN 10 initiates encrypted communication with the AP 31 using the communication encryption/decryption key that was used with the AP 21 before the handover (step S115).
  • the AP 31 can employ the communication encryption/decryption key for the MN 10 that is received from the nAR 30 and decrypt a packet received from the MN 10. Further, in a case wherein a matched MAC address is identified at step S113, the AP 31 sets the MN 10 to the control port enabled state, and performs port control, so that the MN 10 can obtain, for example, a predetermined service, such as an Internet access service, via the control port.
  • the AP 31 does not yet receive, from the nAR 30, a notification message, which includes the MAC address of the MN 10 and the communication encryption/decryption key.
  • the AP 31 starts a conventional authentication process at step S116, and as soon as the AP 31 obtains, from the nAR 30, the MAC address of the MN 10 and a communication encryption/decryption key, permits the use of the communication encryption/decryption key employed before the handover. In this manner, following the handover, the MN 10 can quickly begin communicating using the communication encryption/decryption key employed before the handover.
  • the AP 31, to which the MN 10 is to be connected after the handover can obtain the MAC address of the MN 10 and the communication encryption/decryption key that the MN 10 used with the AP 21 before the handover. Therefore, after the MN 10 has been switched to the AP 31 by a handover, the MN 10 is not required to perform the authentication process related to the generation of a new communication encryption/decryption key, and employing the communication encryption/decryption key used before the handover, can continuously perform communication.
  • the communication encryption/decryption key used by the MN 10 before the handover is a key that was distributed by completion of a specific authentication process before the handover. Therefore, this is information indicating that the MN 10 was certified for communication with the AP 21 to which it was connected before the handover. Thus it is appropriate, even after the handover, that the MN 10 be authorized to use the communication encryption/decryption key that was used before the handover.
  • a communication encryption/decryption key employed before a handover should be used only as a temporary means for providing continuous service, and should be replaced in as short a period as possible with a new communication encryption/decryption key generated through the performance of an appropriate authentication process (replacement of a communication encryption/decryption key used before a handover by a newly generated communication encryption/decryption key).
  • the AP 31 sets the pertinent MN 10 in a control port enabled state, so that after the handover, the MN 10 is permitted to use the communication encryption/decryption key used before the handover. Also, the AP 31 performs, in parallel, a conventional authentication process and generation of a new communication encryption/decryption key (e.g., the processes at steps S1101 to S1111 of the sequence chart in Fig. 11) (step S116).
  • Fig. 9 is a diagram typically showing, for the mode of this invention, the authentication process performed for an MN that is set up to use, after a handover, a communication encryption/decryption key that was used before the handover.
  • Fig. 9A is a diagram typically showing the state wherein an AP permits an MN to use a communication encryption/decryption key used before a handover.
  • Fig. 9B is a diagram typically showing the state wherein, as a result of an AP performing an authentication process for an MN after a handover, the MN is authenticated.
  • Fig. 9C is a diagram typically showing the state wherein, as a result of an AP performing the authentication process for an MN after the handover, the MN is not authenticated. It should be noted that in Figs. 9A to C, the port control states of the AP 31 are typically shown.
  • After the AP 31 has acknowledged the MAC address of the MN 10 at step S113, as shown in Fig. 9A, the AP 31 enters the state wherein MN 10 is enabled to perform encrypted communication using the communication encryption/decryption key used before the handover, and wherein the port control unit 3110 manages a control port in order to provide for the MN 10 a predetermined service, such as a service related to a connection to an external IP network 50, like the Internet (a connection to the nAR 30). Therefore, the MN 10 can employ the communication encryption/decryption key used before the handover, and can quickly, and temporarily, perform again the communication that was being performed before the handover.
  • the AP 31 performs a conventional authentication process for the MN 10 at step S116.
  • the AP 31 distributes to the MN 10 a new communication encryption/decryption key that is to be employed by the MN 10.
  • the AP 31 enters a state wherein encrypted communication is enabled using the new communication encryption/decryption key, and wherein the port control unit 3110 continues management of the control port in order to provide a predetermined service for the MN 10.
  • the AP 31 enters a state wherein a new communication encryption/decryption key is not distributed to the MN 10, and wherein the port control unit 3110 manages the control port so as not to provide a predetermined service for the MN 10 (so that the MN 10 can not utilize a predetermined service).
  • the MN 10 embeds the MAC address and the communication encryption/decryption key in the FBU message.
  • they can also be embedded in an RtSolPr message, or in an independent MAC address/key notification message that is not related to an FMIP associated message.
  • the MAC address and the communication encryption/decryption key can be embedded in an RtSolPr message.
  • In Figs. 7A to C, the three examples described above are shown; they concern a message that is transmitted by the MN 10 to the pAR 20 and is related to the notification of the MAC address and the communication encryption/decryption key.
  • the pAR 20 embeds the MAC address and the communication encryption/decryption key in an HI message.
  • they can also be embedded in an independent MAC address/key notification message that is not related to an FMIP associated message.
  • In Figs. 8A and B, the two examples described above are shown; they concern a message that is transmitted by the pAR 20 to the nAR 30 and is related to the MAC address and the communication encryption/decryption key.
  • the MN 10 before performing a handover between the APs 21 and 31 that are present at lower ranks of different access routers (pAR 20 and nAR 30) connected to the IP network 50, the MN 10 transmits the MAC address of the MN 10 and a communication encryption/decryption key used for communication with the AP 21 before the handover; the MAC address of the MN 10 and the communication encryption/decryption key are supplied to the nAR 30, which is higher than the AP 31 that is newly connected after the handover; and further, the MAC address for the MN 10 and the communication encryption/decryption key are supplied by the nAR 30 to the AP 31.
  • the MN 10 and the AP 31, and the AP 31 and the authentication server 32 can quickly recover the communication condition existing before the handover by using the communication encryption/decryption key that was used before the handover.
  • LSI (Large Scale Integration)
  • IC (Integrated Circuit)
  • the integrated circuit formation method is not limited to the LSI, but is also applicable to a dedicated circuit or a general-purpose processor that may be employed.
  • An FPGA (Field Programmable Gate Array)
  • a reconfigurable processor for which the connection and the setup of a circuit cell inside an LSI is reconfigurable, may also be employed.
  • the communication handover method, the communication message processing method and the communication control method of the present invention provide effects that, when a mobile node performs a handover between access points present on the links of different access routers, security between the mobile node and an access point can be quickly established, so as to reduce the possibility of communication delays or disconnections due to the handover, and can be applied for a technique associated with a handover for a mobile node that performs radio communication, especially for a technique associated with a mobile node that performs radio communication using mobile IPv6.
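
The port control that the AP 31 applies in steps S112 to S116 and Figs. 9A to 9C can be modelled as a small state machine. The Python below is an added illustration, not code from the patent; the class and method names, the sample MAC address and keys, and the expiry timer on the provisional state are assumptions (the text only says that the pre-handover key should be replaced in as short a period as possible).

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class PortState(Enum):
    CLOSED = "closed"                # no service through the control port
    AUTH_PENDING = "auth_pending"    # conventional authentication only, no transferred key yet
    PROVISIONAL = "provisional"      # Fig. 9A: pre-handover key accepted temporarily
    AUTHENTICATED = "authenticated"  # Fig. 9B: new key distributed after authentication
    REJECTED = "rejected"            # Fig. 9C: authentication failed, service withheld


@dataclass
class Entry:
    key: Optional[bytes] = None
    state: PortState = PortState.CLOSED
    deadline: Optional[float] = None  # assumption: end of the provisional window


class AccessPoint:
    """Model of AP 31: key storage (3108), MAC identification (3109), port control (3110)."""

    def __init__(self, provisional_ttl: float = 5.0):
        self.ttl = provisional_ttl         # assumption, not a value from the text
        self.store: Dict[str, Entry] = {}  # MAC address -> Entry

    def _entry(self, mac: str) -> Entry:
        return self.store.setdefault(mac.lower(), Entry())

    def on_nar_notification(self, mac: str, key: bytes, now: float) -> PortState:
        """Step S110: the nAR supplies the MN's MAC address and pre-handover key."""
        e = self._entry(mac)
        if e.state in (PortState.AUTHENTICATED, PortState.REJECTED):
            return e.state  # assumption: never override a completed authentication
        e.key = key
        if e.state is PortState.AUTH_PENDING:  # notification arrived after the MN connected
            e.state, e.deadline = PortState.PROVISIONAL, now + self.ttl
        return e.state

    def on_handover_notification(self, mac: str, now: float) -> bool:
        """Steps S112 to S114: True when the MAC matches one notified by the nAR."""
        e = self._entry(mac)
        if e.state is PortState.CLOSED:
            if e.key is not None:
                e.state, e.deadline = PortState.PROVISIONAL, now + self.ttl
            else:
                e.state = PortState.AUTH_PENDING  # only step S116 can open the port
        return e.state is PortState.PROVISIONAL

    def on_auth_result(self, mac, success, new_key=None) -> PortState:
        """Outcome of step S116, which runs in parallel with provisional service."""
        e = self._entry(mac)
        if success and new_key:
            e.key, e.state = new_key, PortState.AUTHENTICATED  # old key replaced
        else:
            e.key, e.state = None, PortState.REJECTED          # old key discarded
        e.deadline = None
        return e.state

    def session_key(self, mac: str, now: float) -> Optional[bytes]:
        """Key usable for encrypted traffic at time `now`, or None if the port is not enabled."""
        e = self.store.get(mac.lower())
        if e is None:
            return None
        if e.state is PortState.PROVISIONAL and now > e.deadline:
            e.key, e.state, e.deadline = None, PortState.CLOSED, None  # window expired
        if e.state in (PortState.PROVISIONAL, PortState.AUTHENTICATED):
            return e.key
        return None


# Constructed sample values, not taken from the patent.
MAC, OLD_KEY, NEW_KEY = "02:00:00:00:00:10", b"key-used-with-AP21", b"key-from-new-auth"


def scenario(events):
    """Replay (time, event, arg) tuples against a fresh AP; return the key usable after each."""
    ap, trace = AccessPoint(provisional_ttl=5.0), []
    for t, event, arg in events:
        if event == "notify":
            ap.on_nar_notification(MAC, arg, t)
        elif event == "handover":
            ap.on_handover_notification(MAC, t)
        elif event == "auth":
            ap.on_auth_result(MAC, arg is not None, arg)
        trace.append(ap.session_key(MAC, t))  # any other event name only advances time
    return trace


if __name__ == "__main__":
    print(scenario([(0, "notify", OLD_KEY), (1, "handover", None), (3, "auth", NEW_KEY)]))
    print(scenario([(0, "notify", OLD_KEY), (1, "handover", None), (3, "auth", None)]))
    print(scenario([(0, "handover", None), (1, "notify", OLD_KEY), (9, "tick", None)]))
```

The three runs cover the authenticated case (Fig. 9B), the unauthenticated case (Fig. 9C), and the case in which the notification from the nAR 30 arrives only after the MN 10 has connected.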

EP05765143A 2004-06-30 2005-06-27 Communication handover method, communication message processing method and communication control method Withdrawn EP1775972A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004194374 2004-06-30
PCT/JP2005/011722 WO2006003859A1 (fr) 2004-06-30 2005-06-27 Communication handover method, communication message processing method and communication control method

Publications (1)

Publication Number Publication Date
EP1775972A1 true EP1775972A1 (fr) 2007-04-18

Family

ID=35782668

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05765143A Withdrawn EP1775972A1 (fr) 2004-06-30 2005-06-27 Communication handover method, communication message processing method and communication control method

Country Status (8)

Country Link
US (1) US20090172391A1 (fr)
EP (1) EP1775972A1 (fr)
JP (1) JPWO2006003859A1 (fr)
KR (1) KR20070034060A (fr)
CN (1) CN101015225A (fr)
BR (1) BRPI0512734A (fr)
RU (1) RU2007103334A (fr)
WO (1) WO2006003859A1 (fr)

Also Published As

Publication number Publication date
RU2007103334A (ru) 2008-08-10
JPWO2006003859A1 (ja) 2008-04-17
KR20070034060A (ko) 2007-03-27
CN101015225A (zh) 2007-08-08
BRPI0512734A (pt) 2008-04-08
US20090172391A1 (en) 2009-07-02
WO2006003859A1 (fr) 2006-01-12

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070104

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR LV MK YU

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: PANASONIC CORPORATION

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20090429